VAMPIRE

eBACS: ECRYPT Benchmarking of Cryptographic Systems


ECRYPT II
General information:IntroductioneBASHeBASCeBAEADeBATSSUPERCOPXBXComputersArch
How to submit new software:Tipshashstreamaeaddhkemencryptsign
List of primitives measured:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
Measurements:lwcsha3hashstreamlwccaesaraeaddhkemencryptsign
List of subroutines:verifydecodeencodesortcorehashblocksxofscalarmult

Measurements of public-key Diffie–Hellman secret-sharing systems on one machine: amd64; Core 2 45nm (1067a); 2009 Intel Core 2 Duo E7600; 2 x 3060MHz; wolfdale, supercop-20240625

[Page version: 20240720 10:46:06]

eBATS (ECRYPT Benchmarking of Asymmetric Systems) is a project to measure the performance of public-key systems. This page presents benchmark results collected in eBATS for public-key Diffie–Hellman secret-sharing systems:

Each table row lists the first quartile of many speed measurements, the median of many speed measurements, the third quartile of many speed measurements, and the name of the primitive. Measurements with large variance are indicated in red with question marks. The symbol T: (starting with supercop-20200816) means that the SUPERCOP database at the time of benchmarking did not list constant time as a goal for this implementation. The symbol T!!! means that constant time was listed as a goal for this implementation, but that the implementation failed TIMECOP. (TIMECOP failures are not necessarily security issues; they can sometimes be resolved by, e.g., declaring that a rejection-sampling condition is safe to declassify.)

There is a separate page with more information about each Diffie–Hellman system and each implementation. Designers and implementors interested in submitting new Diffie–Hellman systems and new implementations of existing systems should read the call for submissions.


Implementation notes

Graphs: (pkcycles,pkbytes) (scycles,pkbytes)

Cycles to generate a key pair
25%50%75%system
406844133342165
T:
jacfp127i
426704307044017
T:
kumjacfp127g
471774779748475
T:
prjfp127i
486984937450173
T:
hecfp127i
731997381974394
T:
jacfp128bk
867218757988877
T:
hecfp128fkt
869228774489022
T:
hecfp128bk
871868789489281
T:
hecfp128i
871758801089089
T:
prjfp128bk
123430124886126544
T:
gls1271
126684127328128992
T:
curve2251
179219179314180136
T:
kumfp127g
292368292921294828
T:
curve25519
314695314834314999
T:
kumfp128g
333116334496335281
T:
ed448goldilocks
397568399014406371
T:
kummer
422362425468428917
T:
sclaus1024
497644498154498651
T:
nistp256
759277763427766542
T:
surf2113
165961716612361662881
T:
ed521gs
191739019216381927105
T:
nist521gs
214569521611022176216
T:
sclaus2048
253417725424332732023
T:
claus
Cycles to compute a shared secret
25%50%75%system
183591183685184382
T:
kumfp127g
187546187724188191
T:
kumjacfp127g
242633242776243016
T:
jacfp128bk
292046292213292377
T:
jacfp127i
293029293626295138
T:
curve25519
298911299099299408
T:
prjfp128bk
306092306229306427
T:
hecfp128bk
305102315513316984
T:
gls1271
317239317369317570
T:
hecfp128fkt
327127327219327399
T:
kumfp128g
380799381000381297
T:
prjfp127i
388995389237390218
T:
hecfp127i
398365401957407593
T:
kummer
423513427001433339
T:
sclaus1024
523736526676527044
T:
curve2251
692990693437693711
T:
hecfp128i
755182764827766745
T:
surf2113
103093210357841037540
T:
ed448goldilocks
116233011629061164580
T:
nistp256
165287916545861657262
T:
ed521gs
191292319146211916046
T:
nist521gs
214595321823212207115
T:
sclaus2048
253793825655512756463
T:
claus